SoheilKhodayari/TheThing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SoheilKhodayari/TheThing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SoheilKhodayari/TheThing)

Close

SoheilKhodayari / TheThingView on GitHubMore

• External links
• Readme badge

TheThing: an open-source tool to detect DOM Clobbering vulnerabilities

☆57Oct 25, 2023Updated 2 years ago

Alternatives and similar repositories for TheThing

Users that are interested in TheThing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• SoheilKhodayari / DOMClobbering

  View on GitHub
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆61Dec 18, 2025Updated 3 months ago
• SoheilKhodayari / JAW

  View on GitHub
  JAW: A Graph-based Security Analysis Framework for Client-side JavaScript
  ☆118Feb 13, 2026Updated 2 months ago
• jackfromeast / TheHulk

  View on GitHub
  TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.
  ☆92Aug 25, 2025Updated 7 months ago
• SAP / project-foxhound

  View on GitHub
  A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…
  ☆165Mar 30, 2026Updated 2 weeks ago
• SoheilKhodayari / Basta-COSI

  View on GitHub
  A framework for the detection of COSI vulnerabilities / XS-Leaks
  ☆14Mar 29, 2023Updated 3 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• KTH-LangSec / silent-spring

  View on GitHub
  Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
  ☆74Jan 21, 2024Updated 2 years ago
• DukeSec97 / Collection-of-over-9000-xss-payloads.heavy-xss-collection

  View on GitHub
  Collection of over 9000 xss payloads | heavy xss collection
  ☆13Dec 6, 2022Updated 3 years ago
• pixelindigo / yurascanner

  View on GitHub
  YuraScanner
  ☆76Feb 13, 2025Updated last year
• JorianWoltjer / nodejs-file-write-rce

  View on GitHub
  NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv
  ☆38Oct 13, 2024Updated last year
• Slonser / hui

  View on GitHub
  HTML Universal Identifier
  ☆66Dec 15, 2024Updated last year
• testable-eu / sast-testability-patterns

  View on GitHub
  Testability Pattern Catalogs for SAST
  ☆34Feb 18, 2025Updated last year
• francisconeves97 / jxscout-caido

  View on GitHub
  Caido plugin for jxscout
  ☆15Nov 22, 2025Updated 4 months ago
• testable-eu / sast-tp-framework

  View on GitHub
  TP-Framework: Testability Pattern Framework for SAST
  ☆16May 10, 2024Updated last year
• devanshbatham / getsan

  View on GitHub
  A utility to fetch and display dns names from the SSL/TLS cert data
  ☆16Aug 11, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• oshp / oshp-stats

  View on GitHub
  Stats about HTTP response security headers usage mentioned by the OSHP.
  ☆17Jan 25, 2026Updated 2 months ago
• fcavallarin / burp-dom-scanner

  View on GitHub
  Burp Suite's extension to scan and crawl Single Page Applications
  ☆107Apr 14, 2023Updated 3 years ago
• u1f383 / writeup

  View on GitHub
  ctf writeup and log
  ☆49Nov 30, 2024Updated last year
• surviveRuins / css-scrollbar-attack

  View on GitHub
  PoC for leaking text nodes via CSS injection
  ☆25Jul 27, 2024Updated last year
• EkiXu / marshalexp

  View on GitHub
  ☆23Jan 2, 2023Updated 3 years ago
• engn33r / awesome-redos-security

  View on GitHub
  List of RegEx DoS (ReDoS) CVEs and resources
  ☆30Feb 6, 2023Updated 3 years ago
• ElectrovoltSec / HackBench

  View on GitHub
  How effective are LLMs in identifying and exploiting security vulnerabilities?
  ☆68Feb 28, 2025Updated last year
• caioluders / LostAndFound

  View on GitHub
  ☆30Mar 12, 2026Updated last month
• Hacking-Notes / ClickMe

  View on GitHub
  Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj…
  ☆14Sep 4, 2025Updated 7 months ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• shhnjk / spoof.js

  View on GitHub
  WinDbg script to spoof origin and url of a renderer process in Chrome
  ☆25Dec 2, 2020Updated 5 years ago
• doyensec / malicious-devfile-registry

  View on GitHub
  Exploit for CVE-2024-0402 in Gitlab
  ☆15Mar 18, 2025Updated last year
• ssl / shortboost

  View on GitHub
  Unicode characters that will translate a single character to multiple characters in domain names or TLD's
  ☆51Nov 23, 2024Updated last year
• kevin-mizu / domloggerpp

  View on GitHub
  A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
  ☆787Dec 9, 2025Updated 4 months ago
• doyensec / Unsafe-Unpacking

  View on GitHub
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide
  ☆43Dec 16, 2024Updated last year
• bjornhels / CVE-2025-30065

  View on GitHub
  PoC
  ☆12Apr 7, 2025Updated last year
• CesarMRodriguez / intro-pentest-android-nerdearla101v2

  View on GitHub
  Material e instructivo para el Workshop de nerdearla 101 v2
  ☆13Jul 27, 2022Updated 3 years ago
• zb3 / getfrontend

  View on GitHub
  Get and extract the frontend code of a SPA, finding all chunks and recreating the original code from source maps. Should support common w…
  ☆50Jul 23, 2025Updated 8 months ago
• Iansus / DllProxy

  View on GitHub
  ☆17Jun 28, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• harisec / orange-confusion-attacks

  View on GitHub
  Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
  ☆21Aug 25, 2024Updated last year
• rmb122 / ebpf-backdoor-demo

  View on GitHub
  linux ebpf backdoor demo
  ☆12Nov 20, 2024Updated last year
• lauritzh / auth-request-analyser

  View on GitHub
  This Chromium extensions aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attac…
  ☆29Jul 4, 2023Updated 2 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,607Jan 27, 2024Updated 2 years ago
• Te-k / harpoontools

  View on GitHub
  CLI tools using Harpoon features
  ☆24Nov 7, 2023Updated 2 years ago
• 0xPugal / knoxsser

  View on GitHub
  A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API
  ☆77Jan 24, 2025Updated last year
• gotr00t0day / F5-BIG-IP-Scanner

  View on GitHub
  F5 BIG-IP Scanner scans for servers on shodan and checks to see if they are vulnerable.
  ☆22Feb 12, 2023Updated 3 years ago